Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecation warning on enable_binary_authorization #1331

Closed
wyardley opened this issue Jul 21, 2022 · 5 comments · Fixed by #1332 or #1326
Closed

Deprecation warning on enable_binary_authorization #1331

wyardley opened this issue Jul 21, 2022 · 5 comments · Fixed by #1332 or #1326
Labels
bug Something isn't working good first issue Good for newcomers triaged Scoped and ready for work

Comments

@wyardley
Copy link
Contributor

TL;DR

Module creates a Deprecated in favor of binary_authorization warning with latest Google provider

Expected behavior

No deprecation warning

Observed behavior

│ Warning: Argument is deprecated
│ 
│   with module.gke.google_container_cluster.primary,
│   on .terraform/modules/gke/modules/beta-private-cluster/cluster.tf line 121, in resource "google_container_cluster" "primary":
│  121:   enable_binary_authorization = var.enable_binary_authorization
│ 
│ Deprecated in favor of binary_authorization.

Terraform Configuration

module "gke" {
  source                       = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster"
  version                      = "22.0.0"
  project_id                   = "foo"
  name                         = "foo"
  regional                     = true
  region                       = "us-west2"
  // [...]
}

Terraform Version

Terraform v1.2.5
on darwin_arm64
+ provider registry.terraform.io/fluxcd/flux v0.15.2
+ provider registry.terraform.io/gavinbunney/kubectl v1.14.0
+ provider registry.terraform.io/hashicorp/google v4.28.0
+ provider registry.terraform.io/hashicorp/google-beta v4.29.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.12.1
+ provider registry.terraform.io/hashicorp/random v3.3.2
+ provider registry.terraform.io/integrations/github v4.27.0


### Additional information

_No response_
@wyardley wyardley added the bug Something isn't working label Jul 21, 2022
@bharathkkb bharathkkb added good first issue Good for newcomers triaged Scoped and ready for work labels Jul 22, 2022
@bharathkkb
Copy link
Member

Thanks for the report @wyardley. Happy to review a PR swapping this.

@wyardley
Copy link
Contributor Author

Thanks for the report @wyardley. Happy to review a PR swapping this.

Sure - can do, just wanted to make sure there weren't min version / compatibility concerns.

@wyardley
Copy link
Contributor Author

Obviously, will have to work on regenerating, and updating tests if needed, but is the rough idea something like this?
The docs are not super helpful, but that's my guess based on https://github.com/hashicorp/terraform-provider-google/search?q=PROJECT_SINGLETON_POLICY_ENFORCE

--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -152,6 +152,14 @@ resource "google_container_cluster" "primary" {
   default_max_pods_per_node = var.default_max_pods_per_node
   enable_shielded_nodes       = var.enable_shielded_nodes
   enable_binary_authorization = var.enable_binary_authorization
+
+  dynamic "binary_authorization" {
+    for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+    content {
+      evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+    }
+  }
+
   {% if beta_cluster %}
   enable_intranode_visibility = var.enable_intranode_visibility
   enable_kubernetes_alpha     = var.enable_kubernetes_alpha

wyardley added a commit to wyardley/terraform-google-kubernetes-engine that referenced this issue Jul 22, 2022
@wyardley
fix: resolve deprecation warning for binary authorization
d697c9c 
enable_binary_authorization is now deprecated in favor of the
binary_authorization block. This preserves the module's interface, but
updates the underlying behavior

Fixes terraform-google-modules#1331
@wyardley wyardley mentioned this issue Jul 22, 2022
Merged
@wyardley
Copy link
Contributor Author

Also, is the preference to keep the module interface consistent (enable_binary_authorization = true)? That's probably the simplest / narrowest fix, and I believe should be non-breaking, though it doesn't preserve consistency between the module interface and the provider's.

I'm not sure what minimum version is required for this, but since the module requires >= 4.25.0, guessing we're good there?

wyardley added a commit to wyardley/terraform-google-kubernetes-engine that referenced this issue Jul 22, 2022
@wyardley
fix: resolve deprecation warning for binary authorization
f0dc139 
enable_binary_authorization is now deprecated in favor of the
binary_authorization block. This preserves the module's interface, but
updates the underlying behavior

Fixes terraform-google-modules#1331
wyardley added a commit to wyardley/terraform-google-kubernetes-engine that referenced this issue Jul 22, 2022
@wyardley
fix: resolve deprecation warning for binary authorization
40b3440 
enable_binary_authorization is now deprecated in favor of the
binary_authorization block. This preserves the module's interface, but
updates the underlying behavior

Fixes terraform-google-modules#1331
wyardley added a commit to wyardley/terraform-google-kubernetes-engine that referenced this issue Jul 22, 2022
@wyardley
fix: resolve deprecation warning for binary authorization
56f6daf 
enable_binary_authorization is now deprecated in favor of the
binary_authorization block. This preserves the module's interface, but
updates the underlying behavior

Fixes terraform-google-modules#1331
wyardley added a commit to wyardley/terraform-google-kubernetes-engine that referenced this issue Jul 22, 2022
@wyardley
fix: resolve deprecation warning for binary authorization
e890e1e 
enable_binary_authorization is now deprecated in favor of the
binary_authorization block. This preserves the module's interface, but
updates the underlying behavior

Fixes terraform-google-modules#1331
wyardley added a commit to wyardley/terraform-google-kubernetes-engine that referenced this issue Jul 22, 2022
@wyardley
fix: resolve deprecation warning for binary authorization
e533ad5 
enable_binary_authorization is now deprecated in favor of the
binary_authorization block. This preserves the module's interface, but
updates the underlying behavior

Fixes terraform-google-modules#1331
@wyardley
Copy link
Contributor Author

Thanks for the report @wyardley. Happy to review a PR swapping this.

Hi @bharathkkb
would you mind taking a look at #1332 when you have a chance?

bharathkkb pushed a commit that referenced this issue Jul 26, 2022
@wyardley
fix: resolve deprecation warning for binary authorization (#1332)
f8a5cca 
enable_binary_authorization is now deprecated in favor of the
binary_authorization block. This preserves the module's interface, but
updates the underlying behavior

Fixes #1331
@release-please release-please bot mentioned this issue Jul 26, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working good first issue Good for newcomers triaged Scoped and ready for work
Projects
None yet
Milestone
No milestone
2 participants
@wyardley @bharathkkb